Note: These instructions are current as of April 27th 2018 and may not match the exact steps you see, as links or sites may change. Please contact us for more details if you are having difficulty with the setup.
Tip: These instructions apply to SSO only; you'll still need to manually provision and deprovision accounts in 7Geese.
- Step 1: Log in to Office 365 as an admin
- Step 2: Click on ‘Admin’
- Step 3: On the navigation bar, find the entry for ‘Admin centers’ and expand it. Open the link to ‘Azure Active Directory’
- Step 4: Click ‘Enterprise Applications’ from the navigation bar.
- Step 5: From the ‘All Applications’ pane, click ‘+ New application’
- Step 6: Click ‘Non-Gallery Application’
- Step 7: At this point you might be prompted to sign up for a service to enable SAML through active directory. Azure Professional Tier 2 is sufficient and available for a trial period of one month with 100 users.
- Step 8: Name the application 7geese and click create to continue the setup.
- Step 9: From the ‘Single Sign-on’ panel, select ‘SAML-based Sign-on’ from the drop down selector.
- Step 10: From near the bottom of the page, download the generated certificate in base64 mode.
- Step 11: Click ‘Configure 7Geese’ at the bottom of the page; a new page will open up.
- Step 12: Keep this page open, and open 7geese in a new tab/window.
- Step 13: Within 7Geese: At this point we need to get details from 7geese. Log in as an administrator and go to ‘Org settings’
- Step 14: Within 7Geese: Click on the integrations tab and press the configure button beside ‘Single Sign on’
- Step 15: Add configuration from Active directory into 7geese:
7geese: (Issuer) -> AD: Entity ID (e.g. https://sts.windows.net/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX/)
7geese: (Metadata URL) -> Same as above
7geese: (SSO URL) -> AD: SAML Single Sign on URL (e.g. https://login.microsoftonline.com/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX/saml2)
7geese: (SLO URL) -> AD: Sign out URL (e.g. https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0)
7geese: X.509 certificate -> Open the previously downloaded .cer file in a text editor. Copy the contents into this field
- Step 16: Click save settings.
- Step 17: Configure Active directory with 7geese settings:
AD: (Identifier) -> 7Geese Issuer (e.g. https://app.7geese.com/saml2/metadata/XXXXXXXXXXXXXXXXXXXXXXX/)
AD: (Reply URL) -> 7Geese SSO Service URL (https://app.7geese.com/saml2/acs/XXXXXXXXXXXXXXXXXXXXXXX/)
- Step 18: Click save settings in active directory page.
- Step 19: Wait a minute (configuration can take a moment to be read properly), then click ‘Test SAML’
Note: Active directory will attempt to log in with the current user. This user might have an email address with the suffix .onmicrosoft.com. If this is the case, 7Geese will report that the user is not registered in the network (all users must be previously configured in 7Geese before single sign on will work for them).
- Step 20: From 7geese, click ‘test logging in’
- Step 21: If both of these have worked, press Enable SAML on the 7geese configuration page.
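A pre-flight check for the values exchanged in steps 15 and 17, run before pressing Enable SAML. This is an added example, not code from 7Geese or Microsoft; the function names are hypothetical, and the URL shapes it enforces are assumptions taken from the example URLs in this guide.

```python
import base64
import re
from urllib.parse import urlparse

# Assumption: the tenant ID in the guide's example URLs is a GUID.
GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"

def cert_der(text):
    """Decode the base64 .cer text from step 10; raise ValueError if it is not base64."""
    body = re.sub(r"-----(?:BEGIN|END) CERTIFICATE-----|\s+", "", text)
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate is not base64 text (binary DER export?)") from exc
    if not der.startswith(b"\x30"):  # X.509 DER begins with an ASN.1 SEQUENCE tag
        raise ValueError("decoded certificate data is not an ASN.1 SEQUENCE")
    return der

def check_sso_settings(issuer, sso_url, identifier, reply_url, cert_text):
    """Return a list of problems in the step 15 / step 17 values (empty list = OK)."""
    problems = []
    m = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/", issuer)
    if not m:
        problems.append("Issuer is not https://sts.windows.net/<tenant-id>/")
    s = re.fullmatch(rf"https://login\.microsoftonline\.com/({GUID})/saml2", sso_url)
    if not s:
        problems.append("SSO URL is not https://login.microsoftonline.com/<tenant-id>/saml2")
    if m and s and m.group(1).lower() != s.group(1).lower():
        problems.append("Issuer and SSO URL name different tenants")
    for name, url, path in (("Identifier", identifier, "/saml2/metadata/"),
                            ("Reply URL", reply_url, "/saml2/acs/")):
        u = urlparse(url)
        if u.scheme != "https" or u.hostname != "app.7geese.com" or not u.path.startswith(path):
            problems.append(f"{name} is not an https://app.7geese.com{path}... URL")
    try:
        cert_der(cert_text)
    except ValueError as exc:
        problems.append(str(exc))
    return problems

if __name__ == "__main__":
    # Constructed sample values; the "certificate" is placeholder bytes, not a real cert.
    tid = "11111111-2222-3333-4444-555555555555"
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.b64encode(b"\x30\x82\x00\x04abcd").decode()
           + "\n-----END CERTIFICATE-----\n")
    print(check_sso_settings(f"https://sts.windows.net/{tid}/",
                             f"https://login.microsoftonline.com/{tid}/saml2",
                             "https://app.7geese.com/saml2/metadata/abc/",
                             "https://app.7geese.com/saml2/acs/abc/", pem))
```

An empty list means the values are mutually consistent; it does not prove the certificate is the one Azure generated, so still compare it against the file downloaded in step 10.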